<?php
$zhi=$_GET["id"];
$xss=array("<",">","%",']','script','eval','=','*',"?","\\",".","img","src");#时间不足，还可以添加更过，sql同样。
$sql=array("--","--+","#","left","sleep","%","or","and","=","%23");
$i=count($xss);
$ii=count($sql);
header("Content-Type: text/html;charset=utf-8");
date_default_timezone_set('Asia/Shanghai');//'Asia/Shanghai' 

for($n=0;$n<$i;$n++){
	#echo $xss;
	#echo $xss[$n];
	#echo $n;
	if(strpos($zhi, $xss[$n])!==false){

		echo "本次攻击为"."xss"."攻击已被拦截。";
		$log = fopen("log.txt", "a");
		fwrite($log, "\n");
		fwrite($log, date("Y/m/d")."-"."xss"."-".$sql[$n]."\n");
		fclose($log);
		break;
	}

	
}

for($n=0;$n<$ii;$n++){
	#echo $xss;
	#echo $xss[$n];
	#echo $n;
	if(strpos($zhi, $sql[$n])!==false){

		echo "本次攻击为"."sql"."攻击已被拦截。";
		$log = fopen("log.txt", "a");
		fwrite($log, "\n");
		fwrite($log, date("Y/m/d")."-"."sql"."-".$sql[$n]."\n");
		fclose($log);
		break;
	}

	
}

?>